Configuration Command Reference Guide
configure authority
Authority configuration is the top-most level in the SSR configuration hierarchy.
Subcommands
| command | description |
|---|---|
access-management | Role Based Access Control (RBAC) configuration. |
asset-connection-resiliency | Configure Asset Connection Resiliency |
backwards-compatible-vrf-bgp-tenants | When generating tenant names for VRF BGP over SVR, do not use leading or trailing underscores. This enables backwards compatibility with router versions smaller than 5.1.3 |
bgp-service-generation | Configure Bgp Service Generation |
cli-messages | Configure Cli Messages |
client-certificate | The client-certificate configuration contains client certificate content. |
clone | Clone a list item |
conductor-address | IP address or FQDN of the conductor |
currency | Local monetary unit. |
delete | Delete configuration data |
district | Districts in the authority. |
dscp-map | Configure Dscp Map |
dynamic-hostname | Hostname format for interfaces with dynamic addresses. It is a template with subsitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: {interface-id} for Network Interface Global Identifier {router-name} for Router Name {authority-name} for Authority Name For example, 'interface-{interface-id}.{router-name}.{authority-name}'. |
fib-service-match | When creating FIB entries by matching route updates to service addresses, consider the specified service addresses. |
forward-error-correction-profile | A profile for Forward Error Correection parameters, describing how often to send parity packets. |
icmp-control | Settings for ICMP packet handling |
idp-profile | User defined IDP profiles. |
ipfix-collector | Configuration for IPFIX record export. |
ipv4-option-filter | Configure Ipv 4 Option Filter |
ldap-server | LDAP Servers against which to authenticate user credentials. |
management-service-generation | Configure Management Service Generation |
metrics-profile | A collection of metrics |
name | The identifier for the Authority. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
password-policy | Password policy for user's passwords. |
pcli | Configure the PCLI. |
performance-monitoring-profile | A performance monitoring profile used to determine how often packets should be marked. |
radius-server | Radius Servers against which to authenticate user credentials. |
rekey-interval | Hours between security key regeneration. Recommended value 24 hours. |
remote-login | Configure Remote Login |
resource-group | Collect objects into a management group. |
router | The router configuration element serves as a container for holding the nodes of a single deployed router, along with their policies. |
routing | authority level routing configuration |
security | The security elements represent security policies for governing how and when the SSR encrypts and/or authenticates packets. |
service | The service configuration is where you define the services that reside within the authority's tenants as well as the policies to apply to those services. |
service-class | Defines the association between DSCP value and a priority queue. |
service-policy | A service policy, which defines parameters applied to services that reference the policy |
session-record-profile | A profile to describe how to collect session records. |
session-recovery-detection | Configure Session Recovery Detection |
session-type | Type of session classification based on protocol and port, and associates it with a default class of service. |
show | Show configuration data for 'authority' |
software-update | Configure Software Update |
step | Configure Step |
step-repo | List of Service and Topology Exchange Protocol repositories. |
tenant | A customer or user group within the Authority. |
traffic-profile | A set of minimum guaranteed bandwidths, one for each traffic priority |
trusted-ca-certificate | The trusted-ca-certificate configuration contains CA certificate content. |
web-messages | Configure Web Messages |
web-theme | Configure Web Theme |
configure authority access-management
Role Based Access Control (RBAC) configuration.
Subcommands
| command | description |
|---|---|
clone | Clone a list item |
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
role | Configure Role |
show | Show configuration data for 'access-management' |
token | Configuration for HTTP authentication token generation. |
configure authority access-management role
Configure Role
Usage
configure authority access-management role <name>
Positional Arguments
| name | description |
|---|---|
| name | A unique name that identifies this role. |
Subcommands
| command | description |
|---|---|
capability | The capabilities that this user will be granted. |
clone | Clone a list item |
delete | Delete configuration data |
description | A description about the role. |
exclude-resource | Exclude a resource from being associated with this role. |
name | A unique name that identifies this role. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
resource | Associate this role with a resource. |
resource-group | Associate this role with a top-level resource-group. |
show | Show configuration data for 'role' |
configure authority access-management role capability
The capabilities that this user will be granted.
Usage
configure authority access-management role capability [<identityref>]
Positional Arguments
| name | description |
|---|---|
| identityref | Value to add to this list |
Description
identityref
A value from a set of predefined names.
Options:
config-read: Configuration Read Capabilityconfig-write: Configuration Write Capabilityprovisioning: Asset Provisioning Capability
configure authority access-management role description
A description about the role.
Usage
configure authority access-management role description [<string>]
Positional Arguments
| name | description |
|---|---|
| string | The value to set for this field |
Description
string
A text value.
configure authority access-management role exclude-resource
Exclude a resource from being associated with this role.
Usage
configure authority access-management role exclude-resource <id>
Positional Arguments
| name | description |
|---|---|
| id | Configure Id |
Subcommands
| command | description |
|---|---|
id | Configure Id |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'exclude-resource' |
configure authority access-management role exclude-resource id
Configure Id
Usage
configure authority access-management role exclude-resource id [<resource-id>]
Positional Arguments
| name | description |
|---|---|
| resource-id | The value to set for this field |
Description
resource-id (string)
The identifier of the resource.
Must be either just a * asterisk or an identifier
followed by a colon which is then followed by either
an asterisk, or a path that contains only valid yang
names and list-keys separated by forward-slashes and
optionally followed by a forward-slash and an asterisk.
Example: 128t:/authority/router/MyRouter/*
configure authority access-management role name
A unique name that identifies this role.
Usage
configure authority access-management role name [<name-id>]
Positional Arguments
| name | description |
|---|---|
| name-id | The value to set for this field |
Description
name-id (string)
A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.
Must contain only alphanumeric characters or any of the following: _ - Length: 0-63
configure authority access-management role resource
Associate this role with a resource.
Usage
configure authority access-management role resource <id>
Positional Arguments
| name | description |
|---|---|
| id | Configure Id |
Subcommands
| command | description |
|---|---|
delete | Delete configuration data |
generated | Indicates whether or not the resource was automatically generated |
id | Configure Id |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'resource' |
configure authority access-management role resource generated
Indicates whether or not the resource was automatically generated
Usage
configure authority access-management role resource generated [<boolean>]
Positional Arguments
| name | description |
|---|---|
| boolean | The value to set for this field |
Description
boolean
A true or false value.
Options: true or false
configure authority access-management role resource id
Configure ID
Usage
configure authority access-management role resource id [<resource-id>]
Positional Arguments
| name | description |
|---|---|
| resource-id | The value to set for this field |
Description
resource-id (string)
The identifier of the resource.
Must be either just a * asterisk or an identifier
followed by a colon which is then followed by either
an asterisk, or a path that contains only valid yang
names and list-keys separated by forward-slashes and
optionally followed by a forward-slash and an asterisk.
Example: 128t:/authority/router/MyRouter/*
configure authority access-management role resource-group
Associate this role with a top-level resource-group.
Usage
configure authority access-management role resource-group [<resource-group-ref>]
Positional Arguments
| name | description |
|---|---|
| resource-group-ref | Value to add to this list |
Description
resource-group-ref (leafref)
This type is used by other entities that need to reference configured resource groups.
configure authority access-management token
Configuration for HTTP authentication token generation.
Subcommands
| command | description |
|---|---|
delete | Delete configuration data |
expiration | Minutes after initial authentication that the authentication token is valid. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'token' |
configure authority access-management token expiration
Minutes after initial authentication that the authentication token is valid.
Usage
configure authority access-management token expiration [<union>]
Positional Arguments
| name | description |
|---|---|
| union | The value to set for this field |
Description
Units: minutes
Default: never
union
A value that corresponds to one of its member types.
Must be one of the following types:
(0) uint64
An unsigned 64-bit integer.
Range: 1-18446744073709551615
(1) enumeration
A value from a set of predefined names.
Options:
never: Never expire
configure authority asset-connection-resiliency
Configure Asset Connection Resiliency
Subcommands
| command | description |
|---|---|
delete | Delete configuration data |
enabled | Enable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'asset-connection-resiliency' |
ssh-only | Only allow the asset connections from managed Router to Conductor to connect via the SSH tunnels. |
configure authority asset-connection-resiliency enabled
Enable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor.
Usage
configure authority asset-connection-resiliency enabled [<boolean>]
Positional Arguments
| name | description |
|---|---|
| boolean | The value to set for this field |
Description
Default: true
boolean
A true or false value.
Options: true or false
configure authority asset-connection-resiliency ssh-only
Only allow the asset connections from managed Router to Conductor to connect via the SSH tunnels.
Usage
configure authority asset-connection-resiliency ssh-only [<boolean>]
Positional Arguments
| name | description |
|---|---|
| boolean | The value to set for this field |
configure authority backwards-compatible-vrf-bgp-tenants
When generating tenant names for VRF BGP over SVR, do not use leading or trailing underscores. This enables backwards compatibility with router versions smaller than 5.1.3
Usage
configure authority backwards-compatible-vrf-bgp-tenants [<boolean>]
Positional Arguments
| name | description |
|---|---|
| boolean | The value to set for this field |
Description
Default: false
boolean
A true or false value.
Options: true or false
configure authority bgp-service-generation
Configure Bgp Service Generation
Subcommands
| command | description |
|---|---|
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
route-reflector-client-mesh | Generate service-route mesh for route reflector clients. |
security-policy | Security policy to be used instead of 'internal'. |
service-policy | Service policy to be used for generated BGP services. |
show | Show configuration data for 'bgp-service-generation' |
configure authority bgp-service-generation route-reflector-client-mesh
Generate service-route mesh for route reflector clients.
Usage
configure authority bgp-service-generation route-reflector-client-mesh [<boolean>]
Positional Arguments
| name | description |
|---|---|
| boolean | The value to set for this field |
Description
Default: false
boolean
A true or false value.
Options: true or false
configure authority bgp-service-generation security-policy
Security policy to be used instead of 'internal'.
Usage
configure authority bgp-service-generation security-policy [<security-ref>]
Positional Arguments
| name | description |
|---|---|
| security-ref | The value to set for this field |
Description
security-ref (leafref)
This type is used by other entities that need to reference configured security policies.
configure authority bgp-service-generation service-policy
Service policy to be used for generated BGP services.
Usage
configure authority bgp-service-generation service-policy [<service-policy-ref>]
Positional Arguments
| name | description |
|---|---|
| service-policy-ref | The value to set for this field |
Description
service-policy-ref (leafref)
This type is used by other entities that need to reference configured service policies.
configure authority cli-messages
Configure Cli Messages
Subcommands
| command | description |
|---|---|
delete | Delete configuration data |
login-message | The message displayed before login through console. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'cli-messages' |
welcome-message | The message displayed after a successful login through console. |
configure authority cli-messages login-message
The message displayed before login through console.
Usage
configure authority cli-messages login-message [<string>]
Positional Arguments
| name | description |
|---|---|
| string | The value to set for this field |
Description
string
A text value.
configure authority cli-messages welcome-message
The message displayed after a successful login through console.
Usage
configure authority cli-messages welcome-message [<string>]
Positional Arguments
| name | description |
|---|---|
| string | The value to set for this field |
Description
string
A text value.